Channel Management

Security checks across malware telemetry and agentic risk

Overview

This channel-management skill is security-sensitive but its file changes and message routing are disclosed and aligned with its stated purpose.

Before installing, verify that only the real admin can DM the agent, confirm channel IDs carefully before making a primary channel, protect and periodically review ~/primary-channel.json and ~/trusted-contacts.json, and avoid routing sensitive operational updates through providers you do not trust.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 81% confidence
Finding: The skill directs the agent to persistently modify security-relevant state files (`~/trusted-contacts.json` and, elsewhere in the skill, primary-channel state) using shell commands without any explicit confirmation, audit trail, validation, or user-facing warning that access-control behavior is being changed on disk. Because these files govern who the agent will trust and where it will proactively send messages, unintended or socially engineered updates could broaden who can interact with the agent or redirect sensitive notifications.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal